MALWARE: unknown ransomware, but unsegmented domain
According to the source cited in a TechCrunch report, a “domain admin” — a user with the highest level of privileges on the network — clicked on a malicious link while logged in, which triggered the file-encrypting malware. Because the thousands of computers on the network were on the same, unsegmented domain, the ransomware quickly spread to every Communications & Power Industries (CPI) office, including its on-site backups, the source said.
Incidents Caused by this Malware
- Ransomware Bites Defense Manufacturer, Communications & Power Industries (January 15, 2020)
Threat Actors Known to use this Malware
No threat actors identified